45 Comments

"This will be the future: a world of people too busy playing with their phones to even notice that someone else controls them."

The future is now.


Hello!

Is there any chance you might write a future article explaining in easy to understand language how one might go about removing the listening devices from mobile phones? (It could be the beginning of a whole new line of work for those furloughed or zero-hour-contracted individuals.)


It's always interesting to read your opinion. When you write: "[…] vulnerabilities that are later discovered and exploited by the Insecurity Industry are introduced […] at the exact time the code is written, which makes choosing a safer language a crucial protection […]", what is considered a safe programming language?


It would take some work on your part, but GrapheneOS can be downloaded for free to the appropriate Android device and a VOIP number can be purchased and used instead of the primary phone # associated with your carrier. All of this can be purchased anonymously without associating your name with your device or carrier. For tin foil hat people like me, I also keep my phone in a Faraday bag and keep it there whenever I am within 5 miles of my home so it is never associated with my home location.

There is no perfect solution, but it helps.


Rust is becoming popular and is designed to be memory safe. Exploits related to buggy memory management shouldn't be possible if you're using Rust and don't step over its guardrails.


Edward, sorry it took so long to subscribe. Figured it would get me on a list. I am probably already on it and your work is fucking brilliant. Please stay safe and thank you for your bravery always.


It’s curious how the geopolitical and economic context modifies the characteristics considered safe. Until a few years ago iOS was very much appreciated for having the same software level on practically all devices, while Android was, and still is, a melting pot of versions.


iOS's update model is 1000% better than Android's, which is a massive security improvement against *most* threat actors (who aren't using artisanal Israeli zero-day exploits). Android's advantage against the top dogs here is entirely accidental, due to fragmentation of hardware/firmware/software versions. There are millions and millions of insecure Android phones that will never be patched (vaccinated against known vulnerabilities), which is tragic.

This is all to say, "it's complicated," but from the question, it sounds like you already understand that better than most.


I am a normal citizen with no intention to screw open my phone prior to using it. What shall I do after reading this article? I might need a detailed behavioral pattern. Some kind of a plan I can stick to. One that indeed can be followed, and is not overly complicated. While I intend to protect myself, at the same time I have no intent to cut myself deep into my own flesh. Where is the hardware and the operating system to escape the invisible threat Snowden reports about? What exactly may set entire nations into a state of shock, so that people start to act? And into which direction could people in fact go, and what benefits may there be to trigger them? And yes I would need to be triggered to act too.


Would removing any of the chips remove functionality of the phone other than the spying pieces?


While I agree that they need to be stopped, I'm worried about what consequences it might have to ban code. I personally view code as a form of free speech, but I am not sure what implications it might have to ban specific forms of code. I am sure you are aware of how governments operate by first banning one thing, then over time slowly infringing further and further on our fundamental rights while no one is paying attention. Each step of the way will only be "just a minor infringement" but over time it will turn into an authoritarian nightmare like what has happened here in Denmark. I am hereby not saying that I don't support a ban on the trading of exploits, but rather that we should be very careful that we don't hand the US government the tools to win cases like Defense Distributed v. United States Department of State in the name of protecting people.

I am not familiar with your views on gun ownership, and in the interest of not turning into an easy target of confirmation bias or media smearing I don't expect you to clarify this if you don't wish to do so. I simply used Defense Distributed v. United States Department of State since it is the case I am most familiar with in regards to just how fine the line is between what is free speech and what is infringement upon the rights of others.

I am by no means an expert on technology and I am sure you know better than anyone what harm seemingly innocent changes to/interpretation of law can cause. Just take a look at the damage Smith v. Maryland has led to. Of course, I am sure that if Smith v. Maryland hadn't taken place then they would just have found some other case and used that.

I'm not quite sure how to end this as I'm largely in agreement with you that we need to end this immediately. I just wanted to air my concerns about possible negative consequences to look out for.

I hope that we will one day be able to share a beer as free men.


The danger of hardware backdoors was obvious back in the 1990s, especially to anyone familiar with James Bamford's books or to anyone paying attention to the Clipper chip controversy of that time. When the news came out about twenty years ago that the second generation of digital cell phones were going to be required to have a GPS chip built in, I rushed to buy a first generation (pre-flip phone) Nokia, figuring that I could put up with cell tower triangulation, but certainly not with pinpoint geolocation.

I still use this phone today (not only does the battery last a long time, one can easily take it out and replace it). Am I the least bit tempted to switch to a portable telescreen? No. The only thing about such phones that sparks my interest is the question of why George Orwell, who seemed to have foreseen so much about the direction we are heading, didn't anticipate them first.


I was pleased to see that you physically alter a smartphone to remove some of its evil, before using it.

I am, frankly, worried that my respect for you is misplaced when I see you advocating anything that uses these awful devices. (In my opinion, they're so bad, on several levels, that mine is mostly switched off.) That reduces my concern.

I don't even need to read news articles to see that news organisations are among the worst on the web. Just trace some of the places they sell your data or the preponderance of spyware from loading one of their pages.

Anybody can trace what a web site does. There's no shortage of information on what computing devices do. Few seem to care, few seem to bother. All the useful idiots are a big part of the problem. They enable the malefactors to take over, as they have.

Like you I hope the NSO revelations are a turning of the tide.


Outstanding polemic, Edward! Thank you! I will be sharing this.


It was encouraging to see some interest in the topic of removing some listening (and locating) chips from some mobile brand names.

There are many issues.

Geospatial location by government and private agencies can be achieved in several different ways.

Tradeoffs in mobile device functionality would sadly not be popular with everyone - especially millennials.

However, with caveats, I think there are a significant number of people who would appreciate that a second device could still provide these services while their modified device (sadly, no longer covered by manufacturers' warranty!) could be used for whatever specialist activity where they require as few (eyes and ears) agencies as possible and practicable to be "sharing" their "every moment" online (!)


I hope a lot more journalists write about the 'convergence of common interests', a phrase I use to describe the many layers of manipulation spawned from the initial data gathering. We've gone way past the naive starting point of the Patriot Act marketing slogan, 'if you're not committing a crime, you have nothing to worry about.' There was no warning label on Social Media, as there is on cigarettes and alcohol, that would have prepared me for the serious dangers of engaging on Twitter after a decade-long boycott since Myspace. In a few short months, the social network was feeding back to me memories that had accumulated during that time offline like a robotic stalker. The details were so intimate and the theme of these 'exposed variables' was a persistent horror show narrative. As a compulsive writer, the feedback loop became nearly instantaneous with the panicked realization in the movie scene when the victim gets the message 'the calls are coming from INSIDE your house'.

Since then I've been much like Khan in Star Trek quoting Moby Dick. I'll chase this ghost round the likes of Twitter and round the Google maelstrom, and round flaming dumpster fires of Facebook before I give it up! The terrible conclusion from my mad Ahab's quest is this white whale just smashes through all firewalls, laws, ethics and morality for a result that the United States is watching unfold in real time. A giant vortex with machine precision and indifference swallowing up anyone trying to break the cycle of history, increasing the probability that we are doomed to repeat it.


My daily phone these days is the Punkt MP02. It's pretty good and has Signal built in. Not a smartphone, so I am told it is not as vulnerable as Apple and Android phones. Are 'dumb phones' the way to go? I also use ProtonMail for email and Threema instead of WhatsApp. My cloud storage is with Internxt. I guess the weak link is my PC? Thoughts?


When you read the stories of whistle blowers like Martin Tripp, ex-employee of Tesla, another Cambridge Analytica but with a front of green tech and being pro people and planet - Article: "When Elon Musk Set Out To Destroy A Whistleblower" it states how Musk has tech to live watch devices, but also how this is easily accessible to employees he feels align with his mentality.

This case also puts into perspective the insane oversight from leaders on tech development overall and practical present uses across the private sector, but not only that, the disparity between what is public knowledge, and even what the tech / private sector shares with leadership / regulators about their works and capabilities.

It's obvious on so many legal issues that have arisen over the last decade there's what happens and then what is explained to even authorities on these matters; recent examples can be better observed with the cases against Facebook, Twitter, Cambridge Analytica, Amazon, Google, Tesla data mining plus human profiling practices, etc.

Sounds conspiracy when you also bring forth the points of what some of the Silicon Valley minds might have wandering in their heads, however, once you pair that with actions that are done that don't make it to the public ear as fast or widespread, it does show quite a grim picture; see the prolific case of diseased elite pedophile ring leader Jeffrey Epstein and his very prolific circle of friends and customers as one of several examples.

The case of what Pegasus is doing seems to not even show the fuller picture of what abilities tech companies are pursuing, even embedded in "legal means" on the very tech being purchased as software and hardware by public and leadership across the board, across the planet.

Add, they are also more aware and in control of actual space tech as is satellites and well, the picture starts to fill and while it seems "out there", the reality is that is very much the factual state of human civilization; the illusion of order and balance.

Nonetheless, whether it might seem a futile pursuit, the talk is ever so important on this time and age; until it makes it in a way is truly understood to every ear out there.

Thanks for all you've done and continue to; you are a treasure Ed.


I so appreciate this!!!!!!!! <3 <3 <3 <3


A truly important topic without question! I have found that more often than not people are able to see when something is not right but InfoSec just does not seem to be the priority for the average bear. I wonder if we might not find some creative, user-friendly, and impactful ways for collective action to be taken? : )

What have people done that seems effective?

What ideas are folks eager to try?

What can I help with?
